[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: strerror() not thread-safe -- does it matter?
- From: William Ahern <william@...>
- Date: Fri, 23 Mar 2012 02:20:13 -0700
On Fri, Mar 23, 2012 at 01:32:18AM -0700, Josh Haberman wrote:
> Lua uses strerror() in several places (lauxlib.c, liolib.c, luac.c),
> but it is not thread-safe. On my system (OS X) strerror's static
> buffer is initialized to all-NULL, and therefore guaranteed to be
> NULL-terminated (even with racing writes), but are there systems where
> a race could crash the program? An extremely low chance of an
> incorrect/garbled message seems acceptable, but the potential for a
> crash (or even a security exploit) seems bad.
>
> Has this come up before?
>
There's no easy way around this. The C standard doesn't provide a
thread-safe version of strerror, not even the new C11 standard which
provides threading. See section 7.23.6.2 of C11.
IMO, this is mostly a quality of implementation issue. Any implementation
worth its salt should either return static, constant strings (at least for
the known errnos), or use thread-local-storage for its buffers.
That said, with the POSIX flag perhaps Lua could use strerror_r(). C11 Annex
K has strerror_s, but only Microsoft supports Annex K, and only partially at
that even though they sponsored it.